On Mon, Mar 10, 2014, vicki2014 wrote: > I am trying to cross compile openssl with fips 2.0 on our target device. Our > target platform is Linux 3.2.0 running on bubybox. Here is our configure: > > export MACHINE = armv71 > export RELEASE = 3.2.0 > export SYSTEM = Linux > export ARCH = arm > export CROSS_COMPILE = "arm-linux-gnueabihf-" > export FIPS_SIG=$PWD/openssl-fips-2.0.5/util/incore > export HOSTCC = gcc > > First, I compile fips 2.0.5 as following > gunzip -c openssl-fips-2.0.5.tar.gz | tar xf - > cd openssl-fips-2.0.5 > ./configure no-asm > make > make install $PWD/../fips > cd .. > > Then compile openssl 1.0.1f as following > gunzip -c openssl-1.0.1f.tar.gz | tar xf - > cd openssl-1.0.1f > ./configure fips no-asm --with-fipsdir=$PWD/../fips > make depend > make > cd .. > > After these, I compile the testing suite > cd openssl-fips-2.0.5 > make build_algvs > > Then I run on the target device > ./fips-algvs fips_test_suite post > > Here is the output > FIPS-mode test application > FIPS 2.0.5 validated module 10 Apr 2013 > > DRBG AES-256-CTR DF test started > DRBG AES-256-CTR DF test OK > POST started > Integrity test started > ERROR:2D06B06F:lib=45,func=107,reason=111:file=fips.c:line=232 > Integrity test Failed Incorrectly!! > DRBG AES-256-CTR DF test started > DRBG AES-256-CTR DF test OK > DRBG AES-256-CTR test started > DRBG AES-256-CTR test OK > DRBG SHA256 test started > DRBG SHA256 test OK > DRBG HMAC-SHA256 test started > DRBG HMAC-SHA256 test OK > DRBG P-256 SHA256 test started > DRBG P-256 SHA256 test OK > X9.31 PRNG keylen=16 test started > X9.31 PRNG keylen=16 test OK > X9.31 PRNG keylen=24 test started > X9.31 PRNG keylen=24 test OK > X9.31 PRNG keylen=32 test started > X9.31 PRNG keylen=32 test OK > Digest SHA1 test started > Digest SHA1 test OK > Digest SHA1 test started > Digest SHA1 test OK > Digest SHA1 test started > Digest SHA1 test OK > HMAC SHA1 test started > HMAC SHA1 test OK > HMAC SHA224 test started > HMAC SHA224 test OK > HMAC SHA256 test started > HMAC SHA256 test OK > HMAC SHA384 test started > HMAC SHA384 test OK > HMAC SHA512 test started > HMAC SHA512 test OK > CMAC AES-128-CBC test started > CMAC AES-128-CBC test OK > CMAC AES-192-CBC test started > CMAC AES-192-CBC test OK > CMAC AES-256-CBC test started > CMAC AES-256-CBC test OK > CMAC DES-EDE3-CBC test started > CMAC DES-EDE3-CBC test OK > Cipher AES-128-ECB test started > Cipher AES-128-ECB test OK > CCM test started > CCM test OK > GCM test started > GCM test OK > XTS AES-128-XTS test started > XTS AES-128-XTS test OK > XTS AES-256-XTS test started > XTS AES-256-XTS test OK > Cipher DES-EDE3-ECB test started > Cipher DES-EDE3-ECB test OK > Cipher DES-EDE3-ECB test started > Cipher DES-EDE3-ECB test OK > Signature RSA test started > Signature RSA test OK > Signature ECDSA P-224 test started > Signature ECDSA P-224 test OK > Signature ECDSA K-233 test started > Signature ECDSA K-233 test OK > Signature DSA test started > Signature DSA test OK > ECDH P-224 test started > ECDH P-224 test OK > POST Failed > Power-up self test failed > > I know it failed on fingerprint test(I already did all using root), Anybody > know how to solve it. >
There are several possible causes. One is that incore is not calculating the correct signature. One workaround for this is to create your own version of "incore" which copies the target to the device, runs it and then returns the correct signature. This is how native compilation works. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
